Request access to Microsoft O365 for a person who has been authorized to work remotely outside of the United States.
- This page, Microsoft O365 International Access, is offered by
- Executive Office of Technology Services and Security
Microsoft O365 International Access
The Details
Features
This request is for access to Microsoft O365 Internationally, and requires both Agency/Secretariat’s General Counsel or designee approval, and Agency/Secretariat’s CISO or designee approval.
This access is for a user who will work outside of the United States (American Samoa, Guam, Northern Mariana Islands, Puerto Rico, and the Virgin Islands require international access) on either a temporary, or semi-permanent basis. For users with a primary work location outside of the United States, (consultants, contractors, vendors, etc.) access must be reviewed on a regular basis.
Please request access at least 2 weeks prior. If requesting travel to a country on the DENY LIST (see below) - requires Enterprise EOTSS Chief Information Security Officer (CISO) approval.
How to request
Designated Security Officers (DSOs) ONLY - will request on behalf of Commonwealth employees and their authorized business partners, whether or not currently supported by EOTSS.
Service Level Expectation (SLE)
Microsoft O365 International Access
| SLE | Responsibilities/Dependencies |
|---|---|
Fulfillment: Due to the variable nature of this request item, fulfillment time will differ on a case-to-case basis. SLE will be communicated following the finalization of customer requirements. Please note: Access must be requested at least 2 weeks prior. If requesting travel to a country on the deny-list – this requires Enterprise EOTSS Chief Information Security Officer (CISO) approval. Important Note: This request requires both Agency/Secretariat’s General Counsel or designee approval, and Agency/Secretariat’s CISO or designee approval. | Customer
EOTSS
|
Policies
A communication was sent to ITLs and DSOs on updates to the current catalog item.
IS.003 Access Management Standard – Information Systems -6.3.3 No system or database containing non public information shall be directly accessible from an untrusted network
IS.004 Asset Management Standard - 6.7 Endpoint Security -6.7.10 Ensure that Commonwealth-owned or managed devices do not leave the United States.
IS.006 Communication and Network Security Standard – 6.2 Remote Access Security Management -6.2.1 All external connections to the Commonwealth family of networks must be reviewed and approved by the Commonwealth CISO
DENY LIST (Updated March 18, 2026)
| Country |
|---|
| Afghanistan |
| Azerbaijan |
| Bahrain |
| Bangladesh |
| Belarus |
| Burkina Faso |
| Burma (Myanmar) |
| Burundi |
| Central African Republic |
| Chad |
| Colombia |
| Cyprus |
| Democratic Republic of the Congo (D.R.C.) |
| Ethiopia |
| Guatemala |
| Guinea-Bissau |
| Guyana |
| Haiti |
| Honduras |
| Iran |
| Iraq |
| Israel, The West Bank and Gaza |
| Jerusalem |
| Jordan |
| Kuwait |
| Lebanon |
| Libya |
| Mali |
| Mauritania |
| Nepal |
| New Caledonia |
| Nicaragua |
| Niger |
| Nigeria |
| North Korea (Democratic People's Republic of Korea) |
| Oman |
| Pakistan |
| Papua New Guinea |
| Qatar |
| Russia |
| Saudi Arabia |
| Somalia |
| South Sudan |
| Sudan |
| Syria |
| Tanzania |
| Trinidad and Tobago |
| Uganda |
| Ukraine |
| United Arab Emirates |
| Venezuela |
| Yemen |
The list above was created by using a combination of sources from the federal government commerce ban, the CDC, and the US Department of State.
Refer to the U.S. Department of State for a listing of current travel advisories, including a recent Worldwide Caution advisory.
Contact
Phone
EOTSS End User IT Service Desk
Call EOTSS End User and IT Service Support, EOTSS End User IT Service Desk at (844) 435-7629
Support for Commonwealth end users and IT support personnel
Address
Online
For cybersecurity or risk management questions:
Email Cybersecurity and Enterprise Risk Management at ERM@mass.gov